Ejemplo n.º 1
0
    def get(self, request, *args, **kwargs):
        # store the 'next' parameter in the session so we can
        # redirect the user afterwards
        next = get_next(request)
        request.session['sso_after_logout_next'] = next

        payload = {
            # JWT standard items.
            'iss': settings.SSO_KEY,
            'exp': datetime.datetime.utcnow() + JWT_EXPIRATION,
            # Our items.
            'logout_url': abs_reverse(
                request, 'lizard_auth_client.sso_local_logout'),
        }

        signed_message = jwt.encode(payload, settings.SSO_SECRET,
                                    algorithm=settings.SSO_JWT_ALGORITHM)
        query_string = urlencode({
            'message': signed_message,
            'key': settings.SSO_KEY
            })

        url = sso_server_url('logout')
        url = '%s?%s' % (url, query_string)

        # send the redirect response
        return HttpResponseRedirect(url)
Ejemplo n.º 2
0
def _sso_post(viewname, payload):
    """Send a payload to the named URL at the SSO server.
    Args:
        viewname (str): The name of the URL (a bit like Django's reverse).
            See https://sso.lizard.net/api2/.
        payload (dict): A Python dictionary with key-value pairs to send.
    Returns:
        dict: The decoded JSON response.
    Raises:
        HTTPError, if one occured.
    """
    url = sso_server_url(viewname)
    # Add required fields to the payload. These cannot/should not
    # be set by the caller (will be overwritten if set).
    payload['iss'] = settings.SSO_KEY
    payload['exp'] = datetime.datetime.utcnow() + JWT_EXPIRATION
    # Sign the message.
    signed_message = jwt.encode(
        payload,
        settings.SSO_SECRET,
        algorithm=settings.SSO_JWT_ALGORITHM,
    )
    # Send the key along with the signed message. This is a
    # peculiarity of the SSO server: the signed message
    # already contains the key.
    r = requests.post(
        url, data={
            'message': signed_message,
            'key': settings.SSO_KEY,
        }
    )
    # Check that the request is succesful.
    r.raise_for_status()
    # Return the decoded JSON response.
    return r.json()
Ejemplo n.º 3
0
    def get(self, request, *args, **kwargs):
        next = get_next(request)
        request.session['sso_after_login_next'] = next

        payload = {
            # JWT standard items.
            'iss': settings.SSO_KEY,
            'exp': datetime.datetime.utcnow() + JWT_EXPIRATION,
            # Our items.
            'login_success_url': abs_reverse(
                request, 'lizard_auth_client.sso_local_login'),
            }
        if request.GET.get('attempt_login_only', 'false').lower() == 'true':
            # We don't force the user to log in. To signal that, we pass our
            # 'the user is not logged in' url, too.
            payload['unauthenticated_is_ok_url'] = abs_reverse(
                request,
                'lizard_auth_client.sso_local_not_logged_in')

        signed_message = jwt.encode(payload, settings.SSO_SECRET,
                                    algorithm=settings.SSO_JWT_ALGORITHM)
        query_string = urlencode({
            'message': signed_message,
            'key': settings.SSO_KEY
            })

        # Build an absolute URL pointing to the SSO server out of it.
        url = sso_server_url('login')
        url_with_params = '%s?%s' % (url, query_string)
        return HttpResponseRedirect(url_with_params)